Using a fine-grained address space layout randomization to mitigate potential security exploits
Abstract
A data processing system can use a method of fine-grained address space layout randomization to mitigate the system's vulnerability to return oriented programming security exploits. The randomization can occur at the sub-segment level by randomizing clumps of virtual memory pages. The randomized virtual memory can be presented to processes executing on the system. The mapping between memory spaces can be obfuscated using several obfuscation techniques to prevent the reverse engineering of the shuffled virtual memory mapping.
19 Claims
1. A non-transitory machine-readable medium storing instructions which, when executed by one or more processors of a device, cause the device to perform operations comprising:
- selecting a region in a first address space in memory of the device, the region storing instructions for execution by one or more processors of the device;
- dividing the region into multiple clumps of memory, each clump including a plurality of memory pages including at least a start memory page and an end memory page;
- mapping each clump from an address in the first address space to a random address in a second address space by referencing a shuffled clump map;
- determining whether the end memory page of the each clump includes instruction codes for execution;
- if the end memory page includes instruction codes, additionally mapping a start memory page of a subsequent clump to an address contiguous with the end memory page of the each clump;
- loading the each clump into the random address in the second address space of the device for a shuffled virtual memory address space corresponding to the shuffled clump map; and
- identifying the region storing the instructions for execution based on the shuffled clump map.
10. A data processing system comprising:
- one or more processors coupled to a memory device;
- a loader to cause the one or more processors to load a segment of a binary into the memory;
- a first memory manager to map a first virtual memory address to a first physical address in memory, the first physical address in a region of the memory including the segment and the first virtual memory address associated with a memory clump including a plurality of virtual memory pages including a start virtual memory page and an end virtual memory page, wherein if an end virtual memory page of the memory clump includes instruction codes for execution then the memory clump also includes a start virtual memory page of a subsequent memory clump;
- a second memory manager to randomly map a second virtual memory address to the first virtual memory address, wherein the second virtual memory address is an address of a shuffled virtual memory address space corresponding to a shuffled clump map, wherein the region of the memory including the segment is identified by mapping the region of the memory from an address in the first virtual memory address to a random address in the second virtual address space by referencing the shuffled clump map; and
- a memory view process to present a view of the segment to a user process, wherein the view includes the second virtual memory address.
15. An electronic device comprising:
- one or more processors coupled to a bus;
- a memory device, coupled to the bus, to store first instructions for execution by the one or more processors, wherein the first instructions, when executed, cause the one or more processors to perform operations to:
  - select a region in a first address space in memory of the device, the region to store second instructions for execution by one or more processors of the device;
  - divide the region into multiple clumps of memory, each clump including a plurality of memory pages including at least a start memory page and an end memory page;
  - map each clump from an address in the first address space to a random address in a second address space by referencing a shuffled clump map;
  - determining whether the end memory page of the each clump includes instruction codes for execution;
  - if the end memory page includes instruction codes, additionally mapping a start memory page of a subsequent clump to an address contiguous with the end memory page of the each clump;
  - loading the each clump into the random address in the second address space of the device for a shuffled virtual memory address space corresponding to the shuffled clump map; and
  - identifying the region storing the second instructions for execution based on the shuffled clump map.
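The operations recited in claim 1 (divide a region into clumps, shuffle a clump map, translate addresses through it, and additionally map the next clump's start page after an end page that holds code), as an added sketch that is not code from the patent. Page size, clump size, base addresses, the per-clump flags, all function names, and the choice to reserve one spare page per slot for the additional mapping are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE        4096u
#define CLUMP_PAGES 4u                          /* pages per clump (assumed) */
#define NCLUMPS     8u
#define SLOT        ((CLUMP_PAGES + 1u) * PAGE) /* clump plus room for one extra page */
#define BASE1       0x100000000ull              /* first address space (constructed) */
#define BASE2       0x7f0000000000ull           /* second address space (constructed) */

static unsigned clump_map[NCLUMPS];             /* clump index -> shuffled slot */
/* Constructed flags: does the end page of clump i hold instruction codes? */
static const int end_has_code[NCLUMPS] = {1, 0, 1, 1, 0, 1, 0, 1};

/* Fisher-Yates shuffle. rand() keeps the demo reproducible; a real loader
 * would draw from a cryptographically secure source. */
void build_shuffled_map(unsigned seed) {
    srand(seed);
    for (unsigned i = 0; i < NCLUMPS; i++) clump_map[i] = i;
    for (unsigned i = NCLUMPS - 1; i > 0; i--) {
        unsigned j = (unsigned)rand() % (i + 1), t = clump_map[i];
        clump_map[i] = clump_map[j];
        clump_map[j] = t;
    }
}

/* Translate a first-space address; returns 0 if it lies outside the region. */
uint64_t translate(uint64_t addr) {
    uint64_t off = addr - BASE1;
    if (addr < BASE1 || off >= (uint64_t)NCLUMPS * CLUMP_PAGES * PAGE) return 0;
    uint64_t clump = off / (CLUMP_PAGES * PAGE);
    return BASE2 + clump_map[clump] * (uint64_t)SLOT + off % (CLUMP_PAGES * PAGE);
}

/* Where clump i+1's start page is additionally mapped (contiguous with clump
 * i's end page), or 0 when that end page has no code or i is the last clump. */
uint64_t extra_start_page(unsigned i) {
    if (i + 1 >= NCLUMPS || !end_has_code[i]) return 0;
    uint64_t end_page = BASE1 + ((uint64_t)i * CLUMP_PAGES + CLUMP_PAGES - 1) * PAGE;
    return translate(end_page) + PAGE;
}

int main(void) {
    build_shuffled_map(1234u);
    for (unsigned i = 0; i < NCLUMPS; i++)
        printf("clump %u -> slot %u, extra page at %#llx\n", i, clump_map[i],
               (unsigned long long)extra_start_page(i));
    return 0;
}
```

Addresses inside one clump keep their relative offsets, while the distance between clumps depends on the shuffled map.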
Specification